EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1023)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...

SUSE SLES12 Security Update : curl (SUSE-SU-2026:0119-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0119-1 advisory. - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105 Tenable has extracted the preceding description block directly from the SUSE...

OPENSUSE-SU-2026:20031-1 Security update for curl

This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

SUSE-SU-2026:20110-1 Security update for curl

This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

TencentOS Server 3: curl (TSSA-2025:0994)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0994 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

MiracleLinux 4 : curl-7.19.7-26.1.0.1.AXS4 (AXSA:2011-424:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-424:01 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...

Fedora 42 : composer (2026-13b4dbe546)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-13b4dbe546 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSERNOSECURITYBLOCKING env var not being...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1023)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1044)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1066)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 3 : curl-7.15.5-2.1AXS3.4 (AXSA:2009-37:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-37:01 advisory. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user...

MiracleLinux 3 : curl-7.15.5-9.AXS3.3 (AXSA:2011-231:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-231:01 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1086)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 3 : curl-7.15.5-9.AXS3 (AXSA:2010-170:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-170:01 advisory. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user...

curl: Gopher Protocol Command Injection (SSRF Smuggling)

Summary The curl Gopher protocol handler is vulnerable to command injection through URL-encoded CRLF sequences in the path. This allows an attacker to "smuggle" additional Gopher selectors or arbitrary commands into a single Gopher request. By using %0d%0a in the URL, an attacker can break the...

curl: Use-After-Free in curl_easy_nextheader when reusing header handle across requests

. The API returns struct curlheader objects that internally reference libcurl-owned linked list nodes. When a new request is performed on the same CURL handle, libcurl frees and rebuilds the internal header list, but previously returned struct curlheader objects remain valid to the application an...

SUSE-SU-2026:0119-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105...

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

curl: integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit

Summary: A logic error involving an integer overflow specifically, an unsigned integer underflow exists in the lib/mqtt.c file within the mqttpublish function. This vulnerability allows an attacker or a malicious user configuration to bypass the explicit MAXMQTTMESSAGESIZE check. The vulnerabilit...

Fedora 43 : composer (2026-0b03072979)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0b03072979 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSERNOSECURITYBLOCKING env var not being...